PRIVACY POLICY OF BRIDGE SOLUTIONS HUB S.A.

§ 1. GENERAL PROVISIONS

1. Before using the Shop (hereinafter referred to as: ‘Online Shop’), the User should read this privacy policy (hereinafter referred to as: ‘Privacy Policy’).
2. This document only concerns the processing of personal data administered by Bridge Solutions HUB S.A. with its registered office in Warsaw.
3. The administrator of personal data collected via the website www.chemicaltiger.com is Bridge Solutions Hub S.A. with its registered office in Warsaw, ul. Zygmunta Vogla 2A, 02-963 Warsaw, entered in the Register of Entrepreneurs kept by the District Court in Warsaw, 13th Commercial Division of the National Court Register, under KRS number: 0000887045, REGON: 142524552, NIP: 5222967030, share capital of PLN 1,505,000.00 (hereinafter referred to as the ‘Administrator’ or ‘Bridge Solutions Hub S.A.’).
4. The Administrator has appointed a Data Protection Officer who can be contacted by email: iodo@bshub.pl
5. Personal data collected by the Administrator via the website is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as the ‘GDPR’, and the Personal Data Protection Act of 10 May 2018 (Journal of Laws of 2018, item 1000, as amended).

§ 2. TYPE OF PERSONAL DATA PROCESSED, PURPOSE AND SCOPE OF DATA COLLECTION

1. Scope of personal data processed:
a) registration of an account in the shop: email address
b) order fulfilment: name and surname, user address, telephone number, email address, (optional) tax ID and company name.
c) when using the Online Shop, additional information may be collected from the user's device, in particular: the IP address assigned to the user's computer or the external IP address of the Internet provider, domain name, browser type, access time, and operating system type.
2. The administrator processes personal data on the chemicaltiger.com website in order to:
a) register an account and accept and fulfil orders to purchase products on the basis of (art. 6 clause 1 lit. b GDPR - contract fulfilment), regardless of the method of accepting these orders, including also through the online store at www.chemicaltiger.com
b) the provision of warranty services on the basis of (Article 6(1)(b) GDPR - performance of a contract);
c) tax settlement of purchases made on the basis of (Article 6(1)(c) GDPR - fulfilment of the legal obligation incumbent on the administrator) in connection with the Corporate Income Tax Act and the Goods and Services Tax Act;
d) securing and pursuing potential claims based on (Article 6(1)(f) GDPR – legitimate interest of the controller or third party),
e) direct marketing: products or services of Bridge Solutions Hub S.A. and enclosing promotional materials of Bridge Solutions Hub S.A.'s business partners with shipments based on (art. 6 sec. 1 letter f GDPR legitimate interest of the administrator or third party),
f) sending marketing content electronically (email, push notifications) on the basis of (art. 6 sec. 1 lit. a - consent of the person) in connection with the implementation of art. 398 PKE (Electronic Communications Law).
g) processing personal data also in an automated manner in the form of profiling, provided that the user gives their consent (Article 6(1)(a) of the GDPR – consent of the individual). The consequence of profiling will be the assignment of a profile to an individual in order to make automated decisions or to analyse or predict their preferences, behaviour and attitudes.
h) conducting correspondence with Customers or potential Customers and answering their questions in connection with the contact, including via the contact form on the Online Shop website, pursuant to (art. 6 sec. 1 letter f GDPR - legitimate interest of the controller or third party);
i) analytical and statistical activities regarding the use of the Online Shop by users based on (art. 6 sec. 1 lit. f GDPR - legitimate interest of the administrator or third party).
j) facilitating the use of services provided electronically and improving the functionality of these services, additional data may also be collected from users, i.e. device IP, domain IP, browser type, access time, operating system type, navigation data including information about links and references that you choose to click on or other actions taken on the website. The legal basis for these activities is the legitimate interest of the controller pursuant to Art. 6 (1) (f) GDPR (legitimate interest of the controller or a third party).
3. The provision of personal data by the user is voluntary, however, failure to provide the above-mentioned personal data necessary to create an account, place and fulfil an order results in the inability to place an order. Providing personal data when placing an order also enables direct marketing activities to be carried out for you, as referred to in point 1(e).

§ 3. DISCLOSURE OF PERSONAL DATA

1. Users' personal data may be transferred to the following recipients or categories of recipients: the Company's suppliers, service providers, Logistics Centre, postal operators and courier companies that deliver parcels to Customers on behalf of Bridge Solutions Hub S.A. deliver parcels to customers, external suppliers specialising in the provision of marketing services (e.g. marketing agencies) in connection with the design, planning and placement of advertisements, banks and debt collection, legal or consulting companies that provide Bridge Solutions Hub S.A. with professional financial services.
2. In the case of a customer who makes a purchase in the online shop, the recipient of the data is also the hosting service provider. Users' personal data is stored exclusively within the European Economic Area (EEA).

§ 4. RIGHT OF CONTROL, ACCESS TO OWN CONTENT, AND RIGHT TO CORRECTION OF DATA

1. The data subject has the right to access their personal data and the right to rectify, delete, limit the processing of, transfer, object to and withdraw consent to the processing of their personal data at any time, without affecting the lawfulness of the processing carried out on the basis of consent before its withdrawal.
2. Legal basis for your request:
a) access to personal data – Article 15 GDPR
b) rectification of data – Article 16 GDPR
c) erasure of data (right to be forgotten) – Article 17 GDPR
d) restriction of processing – Article 18 of the GDPR.
e) data portability – Article 20 of the GDPR.
f) objection – Article 21 of the GDPR
g) withdrawal of consent – Article 7(3) of the GDPR.
3. In order to exercise the rights referred to in point 2, you can send an appropriate e-mail to the following address: iodo@bshub.pl.
4. In the event that the user exercises the right arising from the above rights, the Administrator shall comply with the request or refuse to comply with it immediately, but no later than within one month of its receipt. However, if – due to the complexity of the request or the number of requests – the Administrator is unable to fulfil the request within one month, they will fulfil it within the next two months, informing the user beforehand, within one month of receiving the request, of the intended extension of the deadline and the reasons for it.
5. If it is found that the processing of personal data violates the provisions of the GDPR, any data subject has the right to lodge a complaint directly with the supervisory authority: the President of the Office for Personal Data Protection, ul. Stawki 2, 00-193 Warsaw.

§ 5. PERIOD OF STORAGE OF PERSONAL DATA

1. We will process your data for the following periods:
a) if the basis for data processing is the performance of a contract, for as long as it is necessary to perform the contract, and after that time for a period corresponding to the period of limitation of claims. Unless a specific provision provides otherwise, the limitation period is six years, and for claims for periodic benefits and claims related to running a business - three years.
b) in the case where the basis for data processing is consent, until such time as the consent is revoked, and after the consent is revoked, for a period of time corresponding to the period of limitation of claims that may be raised by the Administrator and that may be raised against him. Unless a specific provision stipulates otherwise, the limitation period is six years, and for claims for periodic benefits and claims related to business activities – three years.
c) to fulfil our obligations under the warranty – in accordance with the warranty period specified in the Online Shop Terms and Conditions – available on the chemicaltiger.com website (hereinafter referred to as the ‘Shop Terms and Conditions’) and the relevant legal provisions.
d) for tax purposes regarding sales – for a period of 5 years from the end of the tax year in which the sale took place;
e) marketing of our products and services – for a period of up to 5 years from your last purchase; you have the right to object at any time to the processing of your data for marketing purposes
f) carrying out marketing communications – until you withdraw your consent to such contact or you object to the processing of your data for marketing purposes;
g) answering questions asked via the contact form – for the duration of the correspondence itself and then for a period of 24 months,
h) use of an account in the Online Shop – for the period during which the Customer has an account in the Online Shop, in accordance with its regulations; after the Customer has deleted the account, we may still process the Customer's data for the purposes of defending against claims, if justified by the circumstances;
i) analytical and statistical activities regarding the use of the Online Shop - for the duration of the user account,

§ 6. USE OF COOKIES

1. Cookies
a) The Online Shop uses mechanisms such as cookies, local storage and session storage, which are used for automatic data storage (hereinafter collectively referred to as ‘cookies’). Cookies are used to better adapt the Shop to the needs of Users.
b) Bridge Solutions HUB S.A. uses Local Storage and Session Storage technology on its Websites because it is similar in principle to ‘cookies’. It is a separate part of the browser's memory that allows web applications to store data locally. Data in Local Storage is stored by the browser for a long time and is not deleted when the browser is closed. It also does not have a specific expiry date. Data stored in Session Storage is deleted when the browser is closed. The user can delete data stored in Local or Session Storage at any time.
c) Cookies that are necessary for using our website are used, among other things, to ensure the stability of its functioning (they measure traffic, protecting us from its overload), to remember the privacy preferences selected by the User, and to fill in the online forms we provide. We use these cookies by default, which means that we save them on your computer or smartphone when you visit our website (in accordance with Article 399 of the Polish Electronic Communications Act).
d) We only use other cookies if you give us your consent.
e) Essential cookies – ensure the proper functioning of our website and its basic functions. Without them, the User will not be able to properly use our online services. These cookies are exempt from the requirement to obtain the User's consent (Article 399 of the Polish Act on Electronic Communications)
f) Analytical cookies – our website uses cookies provided by external analytical cookie providers. Analytical cookies allow us to track the number and sources of visits, so that we can measure and improve the performance of our website. These cookies help us understand which pages are the most and least popular and how visitors move around the site. If you refuse to save analytical cookies on your computer or smartphone, your visit will not be included in our statistics, but this will not restrict any of the functionalities on our website.
g) Marketing cookies – we use these cookies to personalise the content that is displayed to you. Marketing cookies may be used in our advertising campaigns, which are run on third-party websites. If you agree to the use of marketing cookies, you may receive information about the websites of our trusted partners where you have responded to our advertisements. If you opt out of marketing cookies, you will see general, non-personalised advertisements. As with analytics cookies, if you choose not to have marketing cookies stored on your computer or smartphone, you will not limit any of the functionality on our website.
2. Purposes of using cookies
Bridge Solutions HUB S.A. uses cookies to:
a) authenticate the User and enable logging into the User's account;
b) customise the Services to the User's preferences;
c) to conduct analyses and research on the efficiency of the Websites and the ways in which the Websites are used;
d) to ensure the security of the Websites;
e) to conduct marketing activities and to provide Users with advertisements tailored to their preferences on the websites of Bridge Solutions HUB S.A. and on the Internet.
3. Use of cookies for marketing purposes
a) Cookies enable the creation of user interest profiles and help understand what content the user may be interested in and display advertisements based on these interests. For this purpose, Bridge Solutions HUB S.A. may collect data through cookies placed on the User's device via external websites. Therefore, advertisements on the Websites belonging to Bridge Solutions HUB S.A. may also be displayed based on the behaviour of Users on other websites.
b) If the User agrees, data about their activity on the Websites will be made available to Bridge Solutions HUB S.A. marketing partners, in particular advertising technology providers, advertising networks, media houses, interactive agencies and advertisers. The list of marketing partners can be viewed here List of Marketing Partners.
c) Codes and cookies may be placed on websites belonging to Bridge Solutions HUB S.A. by partners. Codes and files allow for the analysis of the User's activity on the Internet in order to display advertisements tailored to the User's interests and preferences, thanks to the automated comparison of interests and preferences with model interests and preferences of Internet users (profiling). Therefore, when using other websites, the User may see advertisements displayed based on activity on the Websites of Bridge Solutions HUB S.A.
d) The Websites also use the form of internet marketing known as ‘retargeting’. This allows partners to display advertisements to Users based on their interactions with websites unrelated to Bridge Solutions HUB S.A. Websites.
e) Behavioural marketing is conducted within the Services, which does not involve the collection of personal data directly identifying the User, such as name, surname, address of residence. However, in certain cases, especially with regard to registered Users, it is possible to link specific information resulting from cookies to the User.
4. Social Networks
a) Bridge Solutions HUB S.A. websites use cookies, plug-ins and other social tools provided by social networks such as Facebook, Twitter, Instagram and Google. When using the Bridge Solutions HUB S.A. Websites, the User's browser will establish a direct connection to the servers of the administrators of social networking sites (service providers), so that they receive information that the User is using the Bridge Solutions HUB S.A. Website, even if they do not have a profile with a given service provider or are not currently logged in to it. This information, together with the IP address of the User's device, is transferred to the server of the service provider and stored there. It should be emphasised that some servers are located outside the European Economic Area, e.g. in the USA. In this case, personal data is transferred to third countries where the possibilities for exercising the rights of data subjects and effective legal remedies are in place, whereby the controller and service provider ensure adequate protection of personal data through the use of binding corporate rules or adopted standard data protection clauses.
b) When the User clicks on the ‘Like’ or ‘Share’ buttons, the corresponding information is sent directly to the service provider, which may result in it being published on the social networking site.
c) With regard to the transfer of personal data to service providers, Bridge Solutions HUB S.A. and the service providers are joint controllers of the Users' personal data, whereby the User should exercise his/her rights directly in relation to the relevant service provider. The purpose and scope of data collection and its further processing and use by service providers, as well as the possibility of contact and the User's rights in this respect and the possibility of making settings to ensure the protection of the User's privacy are described in the privacy policy of individual service providers:
ca) Facebook: https://www.facebook.com/legal/FB_Work_Privacy,
cb) Instagram: https://help.instagram.com/519522125107875?helpref=page_content,
cc) Google: https://policies.google.com/privacy?hl=pl
5. Cookie management - Essential cookies
a) The User has the option to disable cookies in their browser. However, the User must be aware that this may cause difficulties in using the Services provided via the Website. Saved cookies can be deleted using the appropriate functions of the web browser, programmes used for this purpose or tools available within the operating system used by the User. If you do not change the settings of your browser regarding the management of cookies, cookies will be automatically placed on your device.
b) Due to the variety of browsers and applications used to operate websites, the management of cookies may vary depending on the browser used, therefore, before starting to use the Websites, we recommend that you familiarise yourself with the method of managing privacy/security functions. Desktop devices: Internet Explorer, Chrome, Safari, Firefox, Opera. Mobile devices: Chrome, Safari, Windows Phone, Blackberry.
c) To clear data from mobile applications, depending on the system installed on the mobile device, do the following:
ca) For Android: go to Settings, go to Applications, search for the application, select Storage and select ‘Clear data’.
cb) For iOS: it is not possible to clear the app data. The only solution is to delete and reinstall the app.
6. Other cookies
a) When you visit our website, a banner will be displayed informing you that it uses cookies. If you select the ‘Accept all’ option, this means that you have accepted all cookies that are set on our website, you agree to the transfer of cookies to our partners and you confirm that you have read the information about cookies and the purposes for which they are used, and the cases in which the data collected with the help of cookies is transferred to our partners.
b) Consent is not required for necessary cookies, as these cookies ensure the full and uninterrupted functionality of our website. These cookies are exempt from the requirement to obtain the User's consent in accordance with Article 398 of the Electronic Communications Law
c) Refusing to accept cookies
d) If you do not want our cookies to be stored on your device, you can select the option ‘Reject all’. By selecting this option, you will reject all cookies except for the technically necessary cookies that we use on our website.
e) Modifying cookie settings
f) The user can manage their cookie preferences in detail by selecting the ‘Change settings’ box on the cookie banner that appears.

§ 7. FINAL PROVISIONS

1. This document is effective as of 1 March 2025.
2. This document is adopted by the Management Board of Bridge Solutions Hub S.A. and is subject to periodic review in order to be updated, in particular in the event of changes in legal regulations.
3. The administrator shall apply technical and organisational measures to ensure the protection of personal data processed, appropriate to the risks and categories of data protected, and in particular shall protect the data against unauthorised access, removal by an unauthorised person, processing in violation of applicable laws, and alteration, loss, damage or destruction.
4. The administrator provides appropriate technical measures to prevent unauthorised persons from obtaining and modifying personal data sent electronically.
5. In matters not covered by this Privacy Policy, the provisions of the GDPR and other relevant provisions of Polish law shall apply accordingly.